CLAIMS 



What is claimed is: 

1. A method for a multi-protocol edge switch to process received data 
frames, the edge switch connected to at least two networks that each use distinct 
data link layer network protocols, the method comprising: 

receiving multiple data frames transmitted from source nodes on a 
first of the networks that uses a first data link layer network protocol, each data 
frame comprising a header and a payload specified in a manner specific to the 
first data link layer network protocol, each header including an indication of a 
destination network address corresponding to a node on a second of the networks 
and each payload including a message specified using an application layer 
network protocol; and 

for each of the multiple received data frames, 

deconstructing the data frame to identify the indicated 
destination network address and the payload for the data frame, the 
deconstructing performed in a manner based on the first data link layer network 
protocol; 

without deconstructing the data frame a second time, 
processing the deconstructed data frame by, 

analyzing the identified payload in order to determine a 
type of the included message, the analyzing performed in a manner based on the 
application layer network protocol used to specify the included message; 

analyzing the identified payload to verify an absence of 

disallowed content; 

selecting one of multiple nodes of the second network to 
which the identified destination network address corresponds, the multiple nodes 
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each associated with the identified destination network address, the selecting 
performed so as to balance processing loads on the multiple nodes; and 

constructing a distinct data frame for transmission to the 
selected one node, the distinct data frame comprising a header and the identified 
payload and specified in a manner specific to the data link layer network protocol 
used by the second network; and 

transmitting the constructed distinct data frame to the selected 
one node on the second network, 

so that each of the received data frames can be processed in multiple ways based 
on a single deconstruction of the data frame before transmitting the payload of the 
data frame to a destination node. 

2. The method of claim 1 wherein the processing of each of the 
deconstructed data frames includes performing in parallel the analyzing of the 
payload to determine the type of the included message, the analyzing of the 
identified payload to verify the absence of disallowed content, the selecting of the 
one node and the constructing of the distinct data frame. 

3. The method of claim 2 wherein the analyzing of the payload to 
determine the type of the included message, the analyzing of the identified 
payload to verify the absence of disallowed content, the selecting of the one node 
and the constructing of the distinct data frame are each performed on distinct 
processors of the multi-protocol edge switch. 

4. The method of claim 1 wherein the analyzing of the identified 
payload of each of the data frames to verify an absence of disallowed content is 
performed after the analyzing of that identified payload to determine a type of the 
included message, and wherein the analyzing of the identified payload to verify an 
absence of disallowed content is performed in a manner specific to the 
determined type of the included message of that identified payload. 
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5. The method of claim 1 wherein the selecting of the one node for 
each of the data frames is performed after the analyzing of the identified payload 
of that data frame to determine a type of the included message, and wherein the 
one node that is selected for each of the data frames is based at least in part on a 
correspondence of that one node to the determined type of the included message 
of the identified payload for that data frame. 

6. The method of claim 1 wherein the transmitting of each of the 
distinct data frames constructed based on a received data frame is performed in a 
manner based at least in part on the determined type of the included message of 
the identified payload for that received data frame. 

7. The method of claim 1 including: 

receiving an outgoing data frame that indicates a destination node on 
the first network, the data frame transmitted by a source node on one of the other 
networks that uses a second data link layer network protocol distinct from the first 
data link layer network protocol; 

deconstructing the outgoing data frame to identify the indication of 
the destination node and to identify a payload for the data frame, the 
deconstructing performed in a manner specific to the second data link layer 
network protocol; 

constructing a distinct data frame for transmission to the destination 
node, the distinct data frame specified in a manner specific to the first data link 
layer network protocol; and 

transmitting the constructed distinct data frame to the destination 

node. 

8. The method of claim 1 wherein the data link layer network protocol 
used by one of the networks is an Ethernet protocol. 
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9. The method of claim 1 wherein the data link layer network protocol 
used by one of the networks is a Fibre Channel protocol. 

10. The method of claim 1 wherein the data link layer network protocol 
used by one of the networks is an InfiniBand protocol. 

1 1 . The method of claim 1 wherein the deconstructing of each of the 
data frames is performed by a network processor of the multi-protocol edge 
switch. 

12. The method of claim 1 wherein the deconstructing of each of the 
data frames further identifies a type of the identified payload, and wherein one or 
more of the analyzing of the payload to determine the type of the included 
message, the analyzing of the identified payload to verify the absence of 
disallowed content, the selecting of the one node and the constructing of the 
distinct data frame is performed in a manner based at least in part on the 
identified type of the identified payload. 

13. The method of claim 1 wherein the message included in at least 
some of the identified payloads is an HTTP message, and wherein the analyzing 
of each of those payloads to determine the type of the included message includes 
identifying a Uniform Resource Identifier specified in the message. 

14. The method of claim 1 wherein the analyzing of the identified 
payload of each of the received data frames includes extracting contents of the 
message included in that payload in a manner based on the application layer 
network protocol used to specify the message. 

15. The method of claim 1 wherein the transmitting of a constructed 
distinct data frame for a received data frame is not performed if the analyzing of 
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the identified payload of the received data frame to verify an absence of 
disallowed content fails to verify the absence. 

16. The method of claim 1 including, if the analyzing of the identified 
payload of a received data frame to verify an absence of disallowed content 
instead identifies a presence of disallowed content, modifying the identified 
payload that is included in the distinct data frame constructed for the received 
data frame so as to remove the disallowed content. 

17. The method of claim 1 wherein the transmitting of a constructed 
distinct data frame for a received data frame is not performed if the selecting of 
the one of the multiple nodes is unable to sufficiently balance the processing 
loads on the multiple nodes. 

18. The method of claim 1 including monitoring the processing loads on 
multiple of the nodes of at least one of the networks other than the first network, 
and wherein for at least some of the received frames the selecting of the one of 
the multiple nodes so as to balance the processing loads on the multiple nodes 
includes using the monitored processing loads. 

1 9. The method of claim 1 wherein for each of the received data frames, 
the constructing of the distinct data frame for transmission to the selected one 
node includes adding to the header of the distinct data frame an indication of a 
second destination network address corresponding to the selected one node that 
is distinct from the destination network address identified for that received data 
frame. 

20. The method of claim 1 including, for each of the received data 
frames, determining a transmittal virtual path identifier that is assigned to a path 
to the selected one node through the second network to which that node belongs, 
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and wherein the transmitting of the constructed distinct data frame to the selected 
one node on the second network uses the determined transmittal virtual path 
identifier so that the data frame is routed through the second network along the 
path. 

21. The method of claim 20 wherein, for each of the received data 
frames, the determined transmittal virtual path identifier is added to the header of 
the distinct data frame in place of a destination network address for the selected 
one node. 

22. The method of claim 20 wherein the determining of the transmittal 
virtual path identifier that is assigned to the path to the selected one node for a 
received data frame includes registering with a network manager for the second 
network to which the selected one node belongs and receiving in response the 
transmittal virtual path identifier. 

23. The method of claim 1 including, for each of the received data 
frames, determining one or more Quality Of Service parameters, and wherein the 
transmitting of each of the constructed distinct data frames is performed in 
accordance with the Quality Of Service parameters determined for that data 
frame. 

24. A computer-implemented method for processing received data 
communications, the method comprising: 

receiving data to be communicated through a network to a 
destination, the received data formatted in accordance with a first protocol; 

deconstructing the received data in a manner based on the first 
protocol in order to identify portions of the received data of interest; and 

processing the deconstructed data by, 
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analyzing at least some of the identified portions in order to 
classify a type of those portions of the received data; 

analyzing contents included in at least some of the identified 
portions in order to determine whether a specified type of content is present; and 

determining the destination for the received data in a manner 
so as to load balance multiple possible destinations. 

[c25] 25. The method of claim 24 wherein the first protocol is a data link layer 

network protocol. 

[c26] 26. The method of claim 24 wherein the first protocol is a network layer 

network protocol. 

(fl r C 27] 27 The method of claim 24 wherein the first protocol is a transport layer 

m 

M= network protocol. 

y i 

■ [c28] 28. The method of claim 24 wherein the first protocol is an application 

0 layer network protocol. 

si I 

y t 

H [c29 ] 29. The method of claim 24 wherein the first protocol is a bus protocol. 

[c30] 30. The method of claim 24 wherein the first protocol is Fibre Channel. 

[c3ij 31 . The method of claim 24 wherein the first protocol is InfiniBand. 

[c32] 32. The method of claim 24 wherein the received data is a data frame or 

a data packet, and wherein the identified portions of the received data include a 
header portion of the received data. 
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33. The method of claim 24 wherein the received data is a data frame or 
a data packet, and wherein the identified portions of the received data include a 
payload portion of the received data. 

34. The method of claim 24 wherein the identified portions of the 
received data include entries in a header portion of the received data. 

35. The method of claim 24 wherein the identified portions of the 
received data include portions of a payload of the received data. 

36. The method of claim 24 wherein the deconstructing of the received 
data is performed only a single time. 

37. The method of claim 24 including communicating the received data 
to the destination. 

38. The method of claim 24 including determining a virtual identifier that 
corresponds to a path through the network to the destination and that will be used 
to route the received data through the network to the destination. 

39. The method of claim 24 wherein the classifying of the type of the 
identified portions of the received data includes classifying those identified 
portions in a manner based on an application layer protocol used to format the 
data of those identified portions. 

40. The method of claim 24 wherein the analyzing of the contents 
included in the identified portions includes determining whether at least some of 
the identified portions include prohibited content. 
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41 . The method of claim 40 including blocking transmittal of the received 
data when it is determined that one or more of the identified portions include 
prohibited content. 



[o42] 42. The method of claim 40 including, when it is determined that one or 

more of the identified portions include prohibited content, removing the prohibited 
content from the received data. 

[o43] 43. The method of claim 24 wherein the analyzing of the contents 

included in the identified portions includes determining whether at least some of 
the identified portions do not include required content. 

fas,*. 

Q [c44] 44. The method of claim 24 including providing firewall functionality 

CP based on the analyzing of the contents included in the identified portions. 



m 



s - : 



[c45] 45. The method of claim 24 wherein the processing of the deconstructed 

data includes formatting the received data in accordance with a distinct second 
protocol. 



p [o46] 46. The method of claim 24 wherein the analyzing of the contents 

included in the identified portions is performed in a manner based at least in part 
on the classified type of those identified portions. 

[c47] 47. The method of claim 24 wherein the analyzing of the identified 

portions in order to classify the type of those portions is performed in a manner 
based at least in part on the determination of whether the specified type of 
content is present. 
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48. The method of claim 24 wherein the determining of the destination is 
additionally performed in a manner based at least in part on the classified types of 
the analyzed identified portions. 

49. The method of claim 24 wherein the determining of the destination is 
additionally performed in a manner based at least in part on the determination of 
whether the specified type of content is present. 

50. The method of claim 24 wherein each of the analyzing of the 
identified portions, the analyzing of the included contents and the determining of 
the destination is performed in parallel. 

51. The method of claim 24 wherein each of the analyzing of the 
identified portions, the analyzing of the included contents and the determining of 
the destination is performed on a distinct processor. 

52. The method of claim 24 wherein the method is performed by a multi- 
protocol edge switch connected to at least two networks that each use distinct 
protocols. 

53. A computer-readable medium whose contents cause a computing 
device to process received data communications by performing a method 
comprising: 

receiving data to be communicated through a network to a 
destination, the received data formatted in accordance with a first protocol; 

deconstructing the received data in order to identify portions of the 
received data; and 

processing the deconstructed data by, 

detecting whether a specified type of content is present in at 
least some of the identified portions; and 
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when the specified type of content is not detected to be 
present, load balancing multiple possible destinations for the received data in 
order to determine a destination to which the received data will be communicated. 

54. The computer-readable medium of claim 53 wherein the computer- 
readable medium is a memory of a computer system. 

55. The computer-readable medium of claim 53 wherein the computer- 
readable medium is a data transmission medium transmitting a generated data 
signal containing the contents. 

56. The computer-readable medium of claim 53 wherein the processing 
of the deconstructed data further includes classifying a type of at least some of 
the identified portions of the received data. 

57. The computer-readable medium of claim 53 wherein the processing 
of the deconstructed data further includes formatting the received data in 
accordance with a distinct second protocol and indicating to communicate to the 
determined destination the data formatted in accordance with the second protocol. 

58. The computer-readable medium of claim 53 wherein the 
deconstructing of the received data is performed only a single time. 

59. A computing device for processing received data communications, 
comprising: 

a first component capable of receiving data to be communicated 
through a network to a destination, the received data formatted in accordance with 
a first protocol; 

a deconstruction component capable of deconstructing the received 
data in order to identify portions of the received data; and 

[03004-8039 app.doc] -46- 



one or more processing components capable of processing the 
deconstructed data by detecting whether a specified type of content is present in 
at least some of the identified portions and by determining a destination to which 
the received data will be communicated if the specified type of content is not 
detected to be present, the determining of the destination by load balancing 
multiple possible destinations for the received data. 



a 



[c60] 60. The computing device of claim 59 wherein the one or more 

processing components are further capable of processing the deconstructed data 
by classifying a type of at least some of the identified portions of the received 
data. 

[c6i] 61 . The computing device of claim 59 wherein the computing device is a 

multi-protocol node on the network, and wherein the one or more processing 
components are further capable of processing the deconstructed data by 
formatting the received data in accordance with a distinct second protocol and by 
indicating to communicate the data formatted in accordance with the second 
protocol to the determined destination. 

[ c6 2] 62. The computing device of claim 59 wherein the first component and 

the deconstruction component are executing in memory of the computing device. 

[c63] 63. The computing device of claim 59 wherein the processing 

components execute in parallel. 

[c64] 64. The computing device of claim 59 wherein the processing 

components each execute on a distinct processor of the computing device. 
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65. A computer system for processing received data communications, 
comprising: 

means for receiving data to be communicated through a network to a 
destination, the received data formatted in accordance with a first protocol; 

means for deconstructing the received data in a manner based on the 
first protocol in order to identify portions of the received data; and 
means for processing the deconstructed data by, 

classifying a type of content included in at least some of the 
identified portions of the received data; 

detecting whether a specified type of content is present in at 
least some of the included content; and 

when the specified type of content is not detected to be 
present, load balancing multiple possible destinations for the received data in 
order to determine a destination to which the received data will be communicated. 

66. A computer-implemented method for processing received data 

communications, the method comprising: 

receiving data to be communicated through a network to a 
destination, the received data formatted in accordance with a first protocol; 

deconstructing the received data in order to identify portions of the 
received data each having contents; and 

processing the deconstructed data by, 

classifying a type of the contents of at least some of the 
identified portions of the received data; 

analyzing at least some of the contents in order to determine 
whether a disallowed type of content is present, the analyzing based at least in 
part on the classified types of the contents; and 

when the disallowed type of content is determined to be 
present, preventing the communicating of the received data to the destination. 
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[c67] 67. A computer-implemented method for processing received data 

communications, the method comprising: 

receiving data to be communicated through a network to a 
destination, the received data formatted in accordance with a first protocol; 

deconstructing the received data in a manner based on the first 
protocol in order to identify portions of the received data; and 
processing the deconstructed data by, 

classifying a type of at least some of the identified portions; and 
constructing a new group of data that is formatted in 
accordance with a distinct second protocol to be communicated to the destination, 
the constructing based at least in part on the classifying. 

68. A computer-implemented method for processing received data 
communications, the method comprising: 

receiving data to be communicated through a network to a 
destination, the received data formatted in accordance with a first protocol; 

deconstructing the received data in a manner based on the first 
protocol in order to identify portions of the received data; and 
processing the deconstructed data by, 

classifying a type of at least some of the identified portions; and 
formatting the received data in accordance with a distinct 
second protocol, the data formatted with the second protocol to be transmitted to 
the destination in a manner based at least in part on the classifying. 

[c69] 69. A computer-implemented method for processing received data 

communications, the method comprising: 

receiving data to be communicated through a network to a 
destination, the received data formatted in accordance with a first protocol; 

deconstructing the received data in a manner based on the first 
protocol in order to identify portions of the received data; and 
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processing the deconstructed data by, 

analyzing contents of at least some of the identified portions in 
order to detect whether a specified type of content is present; 

determining whether to allow the received data to be 
communicated to the destination based on whether the specified type of content is 
detected as being present; and 

when it is determined to allow the received data to be 
communicated, formatting the received data in accordance with a distinct second 
protocol that corresponds to the destination and indicating to communicate to the 
destination the data formatted in accordance with the second protocol. 

70. A computer-implemented method for processing received data 
communications, the method comprising: 

receiving data to be communicated through a network to a 
destination, the received data formatted in accordance with a first protocol; 

deconstructing the received data in a manner based on the first 
protocol in order to identify portions of the received data; and 

processing the deconstructed data by, 

analyzing contents included in at least some of the identified 
portions in order to determine whether a disallowed type of content is present; 
and 

when it is determined that the disallowed type of content is not 

present, 

determining a destination for the received data in a 
manner so as to load balance multiple possible destinations; and 

formatting the received data in accordance with a distinct 
second protocol for communicating to the determined destination. 
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71. A computer-implemented method for processing received data 
communications, the method comprising: 

receiving data to be communicated through a network to a 
destination, the received data formatted in accordance with a first protocol; 

deconstructing the received data in a manner based on the first 
protocol in order to identify portions of the received data; and 
processing the deconstructed data by, 

classifying a type of at least some of the identified portions; 
load balancing multiple possible destinations for the received 
data in order to determine a destination to which the received data will be 
communicated; and 

formatting the received data using a distinct second protocol 
that corresponds to the determined destination. 

72. A computer-implemented method for processing received data 
communications, the method comprising: 

receiving data to be communicated through a network to a 
destination, the received data formatted in accordance with a first protocol; 

deconstructing the received data in a manner based on the first 
protocol in order to identify portions of the received data; and 
processing the deconstructed data by, 

classifying a type of at least some of the identified portions; 
determining whether a specified type of content is present in at 
least some of the identified portions; and 

when the specified type of content is not detected to be 
present, formatting the received data in accordance with a distinct second 
protocol. 
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73. A computer-implemented method for processing received data 
communications, the method comprising: 

receiving data to be communicated through a network to a 
destination, the received data formatted in accordance with a first protocol; 

deconstructing the received data in order to identify portions of the 
received data; and 

processing the deconstructed data by, 

classifying a type of content included in at least some of the 

identified portions; 

analyzing the included contents in order to provide firewall 

functionality; 

determining a destination for the received data in such a 
manner as to load balance multiple possible destinations; and 

formatting the received data in accordance with a distinct 

second protocol. 

74. A computer-implemented method for processing received data 
communications, the method comprising: 

receiving data to be communicated through a network to a 
destination, the received data formatted in accordance with a first protocol; 

deconstructing the received data in a manner based on the first 
protocol in order to identify portions of the received data; 

processing the deconstructed data by, 

classifying a type of content included at least some of the 

identified portions; 

analyzing the content included in at least some of the identified 

portions; 

determining a destination for the received data in such a 
manner as to load balance multiple possible destinations; and 
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constructing a new group of data that is formatted using a 
distinct second protocol; and 

transmitting the constructed new group of data to the determined 

destination. 

75. The computer-readable medium of claim 53 wherein the contents 
are instructions that when executed cause the computing device to perform the 
method. 
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